FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
edgar1, Staff
Article Id 247611
Description

This article describes the 'Certificate binding check failed' error that appears when authenticating via EAP-TLS (wireless or wired) after the CA used for certificate authentication has been renewed. The authentication log shows:

rlm_eap_tls: Certificate binding check failed.
eap_tls: ERROR: TLS Alert write:fatal:internal error
SSL routines:tls_process_client_certificate:certificate verify failed

Scope

FortiAuthenticator using certificate authentication (EAP-TLS).
Solution

Certificate binding refers to FortiAuthenticator being configured to read the subject of the certificate presented during authentication and match it to a known CA certificate. When the end users' CA certificate is replaced, all user and/or machine certificates issued by it are replaced as well. For FortiAuthenticator to verify the new certificate chain, the new CA certificate must also be installed in the GUI under Certificate Management -> Trusted CAs.
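The check described above, modelled as an added example (not Fortinet's code) with a constructed test PKI built using the Python cryptography library: the CA is renewed with the same subject name but a new key, user certificates are re-issued under it, and the binding check only passes once the new CA is present in the trusted store. All names are made up.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(subject_cn, issuer=None, is_ca=False):
    """Issue a cert for a fresh EC key; issuer=None gives a self-signed CA (constructed test PKI)."""
    key = ec.generate_private_key(ec.SECP256R1())
    issuer_cert, issuer_key = issuer if issuer else (None, key)
    issuer_name = issuer_cert.subject if issuer_cert else _name(subject_cn)
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(_name(subject_cn)).issuer_name(issuer_name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=365))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))
    return cert, key

def binding_check(client_cert, trusted_cas):
    """Model of the binding check: find the issuer in the trusted store by name, then verify the signature."""
    candidates = [ca for ca in trusted_cas if ca.subject == client_cert.issuer]
    if not candidates:
        return False, "binding check failed: issuer not present in Trusted CAs"
    for ca in candidates:
        try:
            ca.public_key().verify(client_cert.signature, client_cert.tbs_certificate_bytes,
                                   ec.ECDSA(client_cert.signature_hash_algorithm))
            return True, "chain verified"
        except InvalidSignature:
            pass  # same-named CA with a different key (e.g. the pre-renewal one)
    return False, "binding check failed: issuer name matches but signature does not verify"

# Constructed scenario: CA renewed with the same subject but a new key, user cert
# re-issued under it, trusted store still holding only the old CA.
old_ca = make_cert("Corp Root CA", is_ca=True)
new_ca = make_cert("Corp Root CA", is_ca=True)
user_cert, _ = make_cert("alice@corp.example", issuer=new_ca)

def before_import():
    return binding_check(user_cert, [old_ca[0]])

def after_import():
    return binding_check(user_cert, [old_ca[0], new_ca[0]])
```

The same-name case matters in practice: a renewed CA often keeps its subject, so only the signature step reveals that the trusted store still holds the old key.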

Related article:
Technical Tip: SSL/TLS and the use of Digital Certificates.